<?php

require_once("header.php");

$email = $_POST['login-email'];
$password = $_POST['login-password'];

if ( !preg_match("/^[-\w]+(\.[-\w]+)*@[-\w]+(\.[-\w]+)*(\.[a-z]{2,3})$/i", $email) ) {
	echo 'Please input valid email';
	exit(0);
}
if ( !preg_match("/^.{5,30}$/", $password) ) {
	echo 'Please input valid password';
	exit(0);
}

// check password
$result = $db->query("SELECT user_id, is_admin FROM user WHERE is_banned = 0 And email='$email' And password = '".md5("Happy".$password)."'");

$got = false;

foreach ( $result as $row ) {
	// set sessions
	$_SESSION['user_id'] = $row['user_id'];
	
	$_SESSION['logon'] = true;
	
	$_SESSION['is_admin'] = ($row['is_admin'] == 1);
	
	$got = true;
	
	echo "OK";
	
	break;
	
}


	
if ( !$got ) {

	$_SESSION['logon'] = false;

	echo "Password wrong";

}


?>